Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-11468

The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

Related bugs and status

CVE-2018-11468 (Candidate) is related to these bugs:

Bug #1899213: [MIR] new dependencies of lintian

		In	Importance	Status
1899213	[MIR] new dependencies of lintian	libproc-processtable-perl (Ubuntu)	Undecided	Fix Released
1899213	[MIR] new dependencies of lintian	libhtml-html5-entities-perl (Ubuntu)	Undecided	Fix Released
1899213	[MIR] new dependencies of lintian	libtext-markdown-discount-perl (Ubuntu)	Undecided	Fix Released
1899213	[MIR] new dependencies of lintian	discount (Ubuntu)	Undecided	Fix Released
1899213	[MIR] new dependencies of lintian	lintian (Ubuntu)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

MISC: https://github.com/Orc...
MLIST: [debian-lts-announce] ...
DEBIAN: DSA-4293